How extreme is your home network?

Everyone Member Posts: 1,661
I know we have quite a few people with elaborate home lab setups for various purposes. Then there was Forsaken I think it was with the ticketing system in his home... Just wondering how extreme some home network setups are?

Currently I have...

1x Hyper-V 8 Beta server
2x Server 8 Beta Domain Controllers
1x Exchange 2010 HT/CAS/MB server
1x Forefront TMG 2010 Firewall
1x LAMP Web Server

I am in the process of building a second Exchange 2010 server for a DAG, and a 2nd Forefront TMG 2010 Firewall for redundancy.

I have plans to build a 2 node SQL cluster, and a 2 node Windows/IIS web server farm that I will migrate all my sites off the old LAMP server.

This isn't just a lab, I actually use all this stuff. In fact I left out the lab use only systems, these are just the ones I leave powered on 24/7. The web server hosts 3 domains that I own. The Exchange server currently serves e-mail for 1 of those 3 domains, but I will be moving the other 2 over to it. My wife has an account on the domain, and I set up a shared family calendar to keep track of things like doctors' appointments, and school activities for the kids. I have my wife's phone connected to it via ActiveSync, so she can get the reminders anywhere she's at.

I have the proxy configured on the TMG firewall to restrict what sites my kids can access if/when they use any computer on the network.

I need new hardware to get all the stuff I actually use on its own dedicated hardware. Right now half of everything runs under VMware Workstation 8 on my desktop, and the other half runs on a couple of old 2U servers.

Starting to feel a little crazy that I have more high availability on my home network than a lot of companies do on their corporate networks. Well on the server side anyway. I'm not a Networking guy, so I don't have a bunch of Cisco routers and switches like a lot of people on here doing CCNA or whatever labs do. Network consists of a single Cisco/Linksys EA4500, and a pair of cable modems at this point. If I add any more physical hardware, I'm going to need a bigger switch.

Comments

  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    Here's mine. Though, it's not all being utilized.

    My fiancee and I have talked about doing some type of ticketing system to keep track of my house-work including hers. Just haven't even looked into this yet.

    I should be getting some servers set up within the next few months, the thought of setting up my own personal Exchange server really interests me. Just don't know the best route to take on this.
    2017 Certification Goals:
    CCNP R/S
  • RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    I used to run a full Enterprisy network in my home but I found it very annoying to manage. Currently I just have two physical boxes hosting SBS 2011 (Exchange/SharePoint) and a few virtual systems running SharePoint and SQL Server.

    I just found it takes too much time for me to deal with my home network if other people are using it and I am doing things to it that could potentially break some things. But two of the SharePoint systems are exposed to the outside world, though I do not host their domains' DNS systems.
  • Everyone Member Posts: 1,661
    RobertKaucher wrote: »
    I used to run a full Enterprisy network in my home but I found it very annoying to manage. Currently I just have two physical boxes hosting SBS 2011 (Exchange/SharePoint) and a few virtual systems running SharePoint and SQL Server.

    I just found it takes too much time for me to deal with my home network if other people are using it and I am doing things to it that could potentially break some things. But two of the SharePoint systems are exposed to the outside world, though I do not host their domains' DNS systems.

    That's why I started trying to move things off of my desktop. It is annoying having EVERYTHING routed through my desktop. If I reboot, the internet goes down, and interrupts their Netflix upstairs. When I have the 2nd TMG firewall setup, that will no longer happen. Already finished the redundancy on the DCs, DNS, and DHCP. Trying to keep the things I could potentially break separate.

    I thought about going the SBS route, but I am an Enterprise guy... the software is free for me (legally too), so I'm sticking with what I actually know and work with. If I had to pay for the software I'm not sure I'd even do it at all, lol.
  • kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
    I switched to Comcast business class (I know just like the commercial) but I purchased the 5 static IP option. I have 1 static set up as my home network that my wife can use without anything getting messed up when I am fooling around with it. I have another IP being used for my lab setup. The rest are not being used at the moment. I will however be setting up another static IP for guest wireless, 1 for website hosting, and another for Exchange.

    I currently have 5 server/desktops setup.
    1 DC on a physical server-this also has a vm running windows 8 for storage pools.
    1 Physical running 2k8R2 with vm's running SCCM, SQL 08R2, WSUS 3.0 (Hyper-V)
    1 Physical running 2k8R2 with win 7 vm's (Hyper-V)
    The other servers are running 2k8R2 but are not currently doing anything as I am too busy to get into other stuff right now.

    1 ip is running untangle as a firewall/router/ips
    Other ip is running a d-link dgl-4500 gaming router

    There will be lots more coming soon as I have some Cisco stuff to play with that my brother in law gave me and a lot more windows stuff to implement. I really want to get my studies for the 70-686 out of the way so I can setup System Center 2012.

    All Hyper-V setups no vmware here.
  • Tackle Member Posts: 534
    Drawing is a little outdated. I've added a few more VM's for Server 8 testing. Upgraded to a new phone, also upgraded to ESXi 5. I need to pick up a switch as I'd like to set up another physical box for a NAS.

    Also, that's not my real IP address. ;)
  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    Speaking of NAS's I just bought a Synology DS212j. My friend is using one (he's a network engineer). The GUI is awesome with lots of features. Just throwing that out there if anyone is interested.

    Oh, you Microsoft guys running VMWare are making me really jealous! I've been waiting to buy a server on eBay that I can run Active Directory and my Cisco Voice server. My day will come soon enough.
  • Everyone Member Posts: 1,661
    Forgot to mention the Forefront TMG 2010 firewall also has an Exchange 2010 Edge Transport on it for anti-spam/anti-virus protection and content filtering.

    I have more plans, but I've run out of hardware. Don't think I'll have the budget for new hardware until next year. Focusing on paying off bills this year.

    I need to do a new drawing like Tackle has there. My setup looks nothing like the old drawing I still have sitting around.
  • Trifidw Member Posts: 281
    It was a breath of fresh air when I went back to a standard setup at home. I got tired of the loud Cisco router that took over 5 minutes to boot, needing a Cisco switch to be on too to trunk VLANs and provide PoE. I did get a ASA 5505 to replace it but that was powered on once, half configured and then I thought screw it and dusted off the Netgear home router. My custom built PC is likely to be replaced with an off the shelf one when it needs it too, the only thing special that is to stay will be my dual monitors and high end mouse.
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    It's all too much work for me now. I don't want my home network to be more complicated than it needs to be. I did move everything to my closet and run cabling over the weekend. That is probably the extent of the complication I want in my home network. My lab on the other hand... ;)
  • Tackle Member Posts: 534
    Everyone wrote: »
    I need to do a new drawing like Tackle has there. My setup looks nothing like the old drawing I still have sitting around.

    I never knew how handy it would be until I made it, glad I did. Keeping it up to date is hard to remember though.
  • Everyone Member Posts: 1,661
    Tackle wrote: »
    I never knew how handy it would be until I made it, glad I did. Keeping it up to date is hard to remember though.

    Yeah I always make a Visio drawing of at least the portion of a network I am responsible for, if one doesn't exist already, when I start a job. I created pretty detailed drawings of the messaging systems everywhere I worked. Always came in handy when I needed to explain something to management or someone on another team. Need to do it at home too, makes it easier to explain to the wife. :p
  • NOC-Ninja Member Posts: 1,403
    My home network is a simple linksys router ---> PC.
    I was going to buy an ASA but I'm too busy with the CCIE lab prep to play around with it.
    This is my home lab. This is being used 30-40hrs a week. I get an extra $40 - $50 every month on my electricity.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I keep mine as simple as possible, when you are dealing with this crap all week the last thing you want is to worry about it at home.

    Actiontec Cable Modem/Router - Used for DHCP as required by FiOS
    One Linksys Wireless 4 Port Router - Used for Wifi since the Actiontec wireless creates static on the phone
    One Linksys 4 Port Router - Needed more ports
    One Linksys 4 Port Switch - Two gaming systems on the TV

    Very few networking issues in my house ;)
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • ciscoman2012 Member Posts: 313
    I only run the Cisco 881W wireless router 24/7 as well as a 12 port 2950 switch. Everything else in my rack stays off only when I need it on to lab. The 881W and 2950 are part of my home network while everything else is setup for lab purposes only.

  • rsutton Member Posts: 1,029 ■■■■■□□□□□
    Home network consists of a Linksys SoHo router and various clients (keepin it simple). All testing/labbing is done on a separate network using ESX.
  • LinuxRacr Member Posts: 653 ■■■■□□□□□□
    Recent pictures of my lab. I don't have the facilities yet for neat cabling.... [images: DSC_5509.jpg, DSC_5507.jpg]
    Here are some screen shots from some of the various tasks I do in my lab: [images: Nessus_DiGiCM32.jpg, DigiCM32Web.jpg, DigiCM32Web_Console.jpg, Cisco_Issues1.jpg, PERC5_Config.jpg, ESXi5_install.jpg]
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
  • DevilWAH Member Posts: 2,997 ■■■■■■■■□□
    the_Grinch wrote: »
    I keep mine as simple as possible, when you are dealing with this crap all week the last thing you want is to worry about it at home.

    Exactly! I have an entire network to play with at work, when I get home I just want to relax. I have lab equipment at work as well. So home is just a cable router and not much else.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • ColbyG Member Posts: 1,264
    Relatively overdone.

    "Core" - 3750G-24T
    Voice router - 2811 - terminated SIP trunk and a POTS line
    Firewall - 5505 w/ Sec+
    Ubiquiti UAP-LR

    ESX - HP ML150
    Storage - Synology DS1511
  • thehourman Member Posts: 723
    @LinuxRacr
    What is the model of your server? Are you able to run ESXi 5 on that Dell?
    Studying:
    Working on CCNA: Security. Start date: 12.28.10
    Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
    Reading:
    Network Warrior - Currently at Part II
    Reading IPv6 Essentials 2nd Edition - on hold
  • LinuxRacr Member Posts: 653 ■■■■□□□□□□
    It is a PowerEdge 2950 (Gen 1, Core Duo x2, 2.6 GHz, PERC5i, DRAC5). Yes. I had to update the BIOS in order to run ESXi 5.

    Since this is a first generation 2950, there is no internal USB port, so I used a low-profile SanDisk 8GB USB drive in the front, behind the face plate to install the ESXi OS on...

  • networkjutsu Member Posts: 275 ■■■□□□□□□□
    Nothing extreme about my setup but thought I'd share my setup anyway.

    Recently bought WNDR-3800 to finally replace my aging WGR-614 wireless router and finally transition to 802.11n. I didn't bother setting up my Cisco 871W or 871 so if anybody is interested in buying one of them or both let me know. One of them is still in the box and was never opened. The other one was opened and powered on but never was used. Anyway, the WNDR-3800 is connected to GS605 and WGR-614 (acting as 10/100 switch).

    I have six wired devices and some wireless devices. Wired devices are the following - home server, regular PCs, HTPC, and 2511. Home server is Win2K8 R2 acting as my domain/file server and runs VMs to provide services like SSH server, Squid proxy, FTPS server, Wordpress (though, I moved it to a hosting site now), remote access to my CCIE home lab, and etc.
  • SteveO86 Member Posts: 1,423
    Still need a bunch more. Access Server, Backbone routers, want to get an ASA or two (prob just a 5505), I still need to get wings for the other switches, then more WICs and cables :)
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • Forsaken_GA Member Posts: 4,024
    VMWare has allowed me to go rather nutso with the expansion of my lab.

    Physical gear (not counting my CCIE lab gear or access devices like laptops, ipads, etc)

    Cisco 3725 (Edge Router)
    Cisco 3550 (Access/Distribution Switch)
    Apple Airport Extreme (Trusted Users AP)
    Linksys AP (Not so trusted users AP)
    Synology DS1511+ (NAS)
    (2) HP DL385 g2 with dual quad-core and 16 gigs each (ESXi hosts)
    Netgear Switch (cheapest thing I could find with gig ports that supported Jumbo frames, used as the backend storage switch for my ESXi hosts and my Synology for iSCSI and vMotion traffic)

    As far as logical setup goes -

    Each VLAN has dual PFSense firewalls in front of it, providing redundancy through CARP, not going to list it on each vlan because it's tedious. Each firewall participates in routing with the 3550 via RIP, since getting OSPF running on PFSense is..... a chore.

    DMZ:

    2 DNS servers (Debian with PowerDNS)
    Web Server (Debian)
    Reverse Proxy Server (used to access internal sites externally, used to overcome single IP on residential internet services while still having hosts on different IP's running web based services. Beats the snot out of having to maintain a crapload of NAT port forwards. Running Scientific Linux)

    Corporate Services VLAN:

    LDAP server (CentOS)
    2 Database servers (Mysql, Centos, Master/Slave configuration)
    Wiki (Centos, running Confluence)
    Fileserver (Serving up CIFS/NFS, Debian)
    Backup server (Debian, running rsync to all of the boxes)
    Repository Server (CentOs. Running Spacewalk for updates to CentOS/Scientific based hosts, mirroring a Debian repository for Debian based hosts)
    PKI Server (Scientific Linux, encrypted filesystems, runs my Certificate Authority, as all services that can be secured via certificate are. Normally powered down unless I have a need for it)
    Log Retention server (Debian, running Splunk)
    Webserver (Debian, runs intranet services like my ticketing system, etc)
    Proxy Server (Debian, running Squid)

    Development VLAN:
    Webserver (Debian)
    Database server (Centos)
    (These two are where I try out new software prior to deployment on other servers to see if I like it, if it will fit in, etc)

    Engineering VLAN:
    Nagios host (Debian)
    Engineering Services (IPPlan, PowerAdmin for DNS management, Rancid for network config backups, Netflow collection, etc)
    Graphing/Trending (Debian, runs things like Cacti, Smokeping)
    Bastion Host (OpenBSD, this box is the only one that's externally accessible via SSH, and the only box that's allowed access to everything in the network)

    Corporate Users VLAN:

    This is where all the 'normal' users on my network go, and where the Airport Extreme lives

    Guest VLAN:

    This is where everyone else goes. Like 12 year old children who don't know not to click on pop ups. And people who come over and want to use my Wireless. The pfSense firewalls guarding this VLAN use the Captive Portal feature (local authentication, not tied to anything on the backend) to prevent unauthorized use. This VLAN is also policed to 256k up/down, so it's fine for web surfing (without streaming) and checking email, but not much else.


    In addition to the home lab, I rent a VPS from Linode that runs Debian. The 3725 runs an IPIP tunnel to the Linode, and they run RIP with each other (they used to run BGP, but Linode decided to start filtering that... was not happy), so the Linode is logically a part of my internal network. The Linode also functions as my email server, since a lot of folks don't like IPs from residential IP space. Given its placement, it's also perfect as my VPN server. It runs OpenVPN, and I VPN into it, and thanks to the tunnel, it's like I have local access to my internal network.

    The Linode also has native IPv6 access, and the 3725 maintains an IPv6 tunnel via Hurricane Electric. This allows me to bypass networks which have heavy lockdown on IPv4, but totally forgot to account for IPv6, and thus retain access to my internal network over the public internet.

    Post CCIE lab migration plans include the following:

    Replace LDAP server with AD domain controller. Already have a mockup as proof of concept, just don't have the time to actually migrate all of the hosts.

    Implement Exchange. The Linode runs Postfix, but down the line I'd like to use it as an email gateway instead of doing IMAP locally. I know it's possible to have postfix handoff received mail to Exchange for processing, I just don't know how to implement it. Again, the hold up here is a lack of time, CCIE is paramount at the moment, so it gets the free time

    Implement Lync server - Just because I feel like it

    Migrate entire internal network to native ipv6. The 3550 is the hold up there, as it doesn't support ipv6. Once I'm finished with the lab, one of my two 3560's will be tasked for that replacement, and then the migration will begin. I'll implement a DNS64 server to handle DNS proxying. I haven't quite decided what 6 to 4 translation mechanism I'm going to be using yet.

    So yeah, I'm a big nerd, and most of what I do for fun, people want to get paid for. Of course, the entire point is that I will be getting paid for it - down the line.
  • CodeBlox Member Posts: 1,363 ■■■■□□□□□□
    Holy hell, I'd LOVE to see pictures Forsaken!
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • Asif Dasl Member Posts: 2,116 ■■■■■■■■□□
    My home router - Cisco CRS-3

    My main desktop - Intel i386DX-25Mhz, 2Mb RAM, 100Mb Hard drive, 3.1 WfWG (Note, it's a DX!! WITH custom water cooling)

    Spare lab PC / Folding@Home - K computer, SPARC64 (I've got 2, in case the other one breaks down)

    Gold iPad

    5 year diesel generator with backup nuclear fusion power plant

    Bomb-proof nuclear bunker (much like this one)
  • LinuxRacr Member Posts: 653 ■■■■□□□□□□
    Damn GA, I feel like I have forsaken my training when I hear about your lab....
  • SteveO86 Member Posts: 1,423
    Really sweet Forsaken!! I gotta say I am jealous :)
  • Forsaken_GA Member Posts: 4,024
    Well, keep in mind, I didn't do that over the span of a few weeks. That setup has been years in the making. Every time I ran across tech that I didn't know how to work with, but I thought it sounded cool, I went and implemented it.

    When I get ready to do the v6 implementation, my inclination has actually been to tear it down and redo everything from scratch. The only reason I'm going to actually migrate the damn thing is because I think that having experience with an actual v6 migration is a pretty marketable skill, and I'm going to do it in two phases like I expect a real world migration would proceed - migrate to dual stack, and then start turning off v4.

    Dual stack is pretty easy, all I really need to do is replace the 3550, as almost everything is v6 capable. Besides the hardware requirement, the other major hold up is pfSense and its woeful lack of IPv6 support. I'm not interested in running the experimental versions, and it's been surprisingly hard to find an opensource firewall solution that supports IPv6 and an active/passive failover setup. Hopefully pfSense will be caught up by the time I'm ready to do it, otherwise I'll have to build my own solution, likely with OpenBSD.

    I'd really prefer to avoid that, though. As a network engineer, it's very unlikely that I'll ever find myself in a situation where I need to build my own firewall setup from scratch in a production environment. Most companies are going to pay for and deploy a turnkey solution, so that's what I'd prefer to do as well.
  • LinuxRacr Member Posts: 653 ■■■■□□□□□□
    I remember back in the day I ran something called PMFirewall. It was basically a program you installed on Linux that configured your IPchains rules for you, according to what you wanted. The Linux host had dual NIC cards, and was essentially a Linux-based firewall, and it worked pretty well.
  • Forsaken_GA Member Posts: 4,024
    LinuxRacr wrote: »
    I remember back in the day I ran something called PMFirewall. It was basically a program you installed on Linux that configured your IPchains rules for you, according to what you wanted. The Linux host had dual NIC cards, and was essentially a Linux-based firewall, and it worked pretty well.

    When it comes to a firewall box, I prefer running pf over iptables. pf was badass back in the day, and they've pretty much achieved feature parity, but I still run a preference towards pf, and openbsd in particular, since they're zealots about security, and that's perfect for a firewall box.

    As far as configuration goes, I stopped doing commandline crap once I discovered fwbuilder. It's a beautiful, beautiful utility that lets you build your firewall rules in a GUI, and then will push them out to the device, and it handles iptables, pf, ipfw, asa/pix, and I believe IOS ACL's as well.